Behavior-based mobile authentication ‘on the horizon’

By Matt Leonard

Apr 14, 2017

Onboard sensors in mobile devices can track users’ walking gait, how they hold the phone or key in text, and that kind of data will eventually become an important part of multifactor authentication. In fact, behavior-based authentication for mobile security may not be too far off.

“It is a great area that is hopefully on the horizon for most of us,” said Vincent Sritapan, program manager in the Cyber Security Division of the Homeland Security Advanced Research Projects Agency.

The agency has been looking at how changes in the ways mobile devices are used can indicate they’re being handled by a different user, possibly someone who isn’t supposed to have it. Security features could then limit access to enterprise email or applications, Sritapan said in an April 13 webinar on mobility hosted by Fed Insider.

DHS has been investigating the technology and has “different proof of concepts with various performers now,” he said.

Researchers have been experimenting with behavior-based authentication for several years. In 2015, DHS worked with Northrop Grumman to take advantage of behavioral sensing and tracking strategies developed by researchers at Carnegie Mellon University and Iowa State University.

The Defense Advanced Research Projects Agency has also been working toward this technology since at least 2012 when it issued a broad agency announcement for behavior-based methods for continual verification.